From fa5e8eacd8a8f18340d7a1cc22d6e89e8256139c Mon Sep 17 00:00:00 2001
From: Matt Kasa <mkasa@gitlab.com>
Date: Wed, 28 Oct 2020 18:11:58 -0700
Subject: [PATCH] feat: add cdktf cli

- changes base image to `node:alpine`
- moves `TF_HTTP_*` exports to entrypoint

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/262100
---
 .gitlab-ci.yml              |  4 +++-
 Dockerfile                  | 19 +++++++++++++++----
 src/bin/entrypoint.sh       | 27 +++++++++++++++++++++++++++
 src/bin/gitlab-terraform.sh | 24 ------------------------
 4 files changed, 45 insertions(+), 29 deletions(-)
 create mode 100644 src/bin/entrypoint.sh

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 0d762ad..24ba11c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -5,6 +5,7 @@ variables:
   RELEASE_IMAGE_NAME: "$CI_REGISTRY_IMAGE/releases/$TERRAFORM_VERSION"
   TF_ADDRESS: "$CI_API_V4_URL/projects/$CI_PROJECT_ID/terraform/state/$CI_PIPELINE_IID-$STATE_NAME"
   TFPLANTOOL_VERSION: "v0.1.0"
+  BASE: "node:alpine"
 
 .versions:
   parallel:
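Review bot: `BASE: "node:alpine"` is a floating tag, so each pipeline run can pull a different Node major and Alpine release into an image that later handles the job token and Terraform state credentials. Pinning to a specific tag, ideally with a digest, makes builds reproducible and puts base-image updates through review, e.g. `BASE: "node:<node-version>-alpine<alpine-version>@sha256:<digest>"` (placeholders, to be filled with the release you have verified).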
@@ -46,7 +47,7 @@ build:
     - .versions
   stage: build
   script:
-    - docker image build --tag "$BUILD_IMAGE_NAME" --build-arg BASE=$TERRAFORM_BASE --build-arg TFPLANTOOL=$TFPLANTOOL_VERSION .
+    - docker image build --tag "$BUILD_IMAGE_NAME" --build-arg BASE=$BASE --build-arg TERRAFORM_BASE=$TERRAFORM_BASE --build-arg TFPLANTOOL=$TFPLANTOOL_VERSION .
     - docker image push "$BUILD_IMAGE_NAME"
 
 .test:
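Review bot: The `--build-arg` values on the changed `docker image build` line are expanded unquoted, while `"$BUILD_IMAGE_NAME"` on the same line is quoted. If any of these CI variables ever contains whitespace, whether by mistake or through a pipeline-level override, the shell splits it into extra `docker` arguments. Quoting each pair keeps the value a single argument: `--build-arg "BASE=$BASE" --build-arg "TERRAFORM_BASE=$TERRAFORM_BASE" --build-arg "TFPLANTOOL=$TFPLANTOOL_VERSION"`.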
@@ -55,6 +56,7 @@ build:
     - terraform version
     - gitlab-terraform version
     - jq --version
+    - cdktf --version
     - cd tests
   cache:
     key: "$TERRAFORM_VERSION-$CI_COMMIT_REF_SLUG"
diff --git a/Dockerfile b/Dockerfile
index b45e5ba..6135381 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,25 +1,36 @@
 ARG BASE
+ARG TERRAFORM_BASE
 
 FROM golang:1.14 AS tfplantool
 
 ARG BASE
+ARG TERRAFORM_BASE
 ARG TFPLANTOOL
 
 WORKDIR /tfplantool
 
 RUN git clone --branch $TFPLANTOOL --depth 1 https://gitlab.com/mattkasa/tfplantool.git .
-RUN sed -i -e "/github\.com\/hashicorp\/terraform/s/ v.*\$/ v$(echo "$BASE" | sed -e "s/^.*://")/" go.mod
+RUN sed -i -e "/github\.com\/hashicorp\/terraform/s/ v.*\$/ v$(echo "$TERRAFORM_BASE" | sed -e "s/^.*://")/" go.mod
 RUN go get -d -v ./...
 RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o tfplantool .
 
+FROM $TERRAFORM_BASE AS terraform
+
+ARG BASE
+
 FROM $BASE
 
-RUN apk add --no-cache jq
+RUN apk add --no-cache ca-certificates jq
 
+COPY --from=terraform /bin/terraform /bin/terraform
 COPY --from=tfplantool /tfplantool/tfplantool /usr/bin/tfplantool
 
 COPY src/bin/gitlab-terraform.sh /usr/bin/gitlab-terraform
 RUN chmod +x /usr/bin/gitlab-terraform
 
-# Override ENTRYPOINT since hashicorp/terraform uses `terraform`
-ENTRYPOINT []
+RUN npm install -g cdktf-cli && npm cache clean --force
+
+COPY src/bin/entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
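Review bot: `RUN npm install -g cdktf-cli` installs whatever version is latest at build time, together with its whole transitive dependency tree, so two builds of the same commit can ship different code. Passing the version as a build argument, as is already done for the other tools, would fix this: `ARG CDKTF_VERSION` followed by `RUN npm install -g "cdktf-cli@${CDKTF_VERSION}" && npm cache clean --force`. The `ARG BASE` added inside the `terraform` stage looks unused, since the global `ARG BASE` on the first line already covers `FROM $BASE`.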
diff --git a/src/bin/entrypoint.sh b/src/bin/entrypoint.sh
new file mode 100644
index 0000000..2ab8900
--- /dev/null
+++ b/src/bin/entrypoint.sh
@@ -0,0 +1,27 @@
+#!/bin/sh -e
+
+# If TF_USERNAME is unset then default to GITLAB_USER_LOGIN
+export TF_USERNAME="${TF_USERNAME:-${GITLAB_USER_LOGIN}}"
+
+# If TF_PASSWORD is unset then default to gitlab-ci-token/CI_JOB_TOKEN
+if [ -z "${TF_PASSWORD}" ]; then
+  export TF_USERNAME="gitlab-ci-token"
+  export TF_PASSWORD="${CI_JOB_TOKEN}"
+fi
+
+# If TF_ADDRESS is unset but TF_STATE_NAME is provided, then default to GitLab backend in current project
+if [ -n "${TF_STATE_NAME}" ]; then
+  export TF_ADDRESS="${TF_ADDRESS:-${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${TF_STATE_NAME}}"
+fi
+
+# Set variables for the HTTP backend to default to TF_* values
+export TF_HTTP_ADDRESS="${TF_HTTP_ADDRESS:-${TF_ADDRESS}}"
+export TF_HTTP_LOCK_ADDRESS="${TF_HTTP_LOCK_ADDRESS:-${TF_ADDRESS}/lock}"
+export TF_HTTP_LOCK_METHOD="${TF_HTTP_LOCK_METHOD:-POST}"
+export TF_HTTP_UNLOCK_ADDRESS="${TF_HTTP_UNLOCK_ADDRESS:-${TF_ADDRESS}/lock}"
+export TF_HTTP_UNLOCK_METHOD="${TF_HTTP_UNLOCK_METHOD:-DELETE}"
+export TF_HTTP_USERNAME="${TF_HTTP_USERNAME:-${TF_USERNAME}}"
+export TF_HTTP_PASSWORD="${TF_HTTP_PASSWORD:-${TF_PASSWORD}}"
+export TF_HTTP_RETRY_WAIT_MIN="${TF_HTTP_RETRY_WAIT_MIN:-5}"
+
+exec "$@"
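Review bot: These defaults now exist only when `/entrypoint.sh` actually runs, yet `gitlab-terraform` (last file in this patch) no longer computes them and its `apply()` still reads `${TF_PASSWORD}`. A job that sets `image: entrypoint: [""]`, or an executor that may bypass the image entrypoint, would silently get empty backend credentials. Consider keeping the block in a file that both scripts source, or having `gitlab-terraform` fail early when `TF_HTTP_ADDRESS` is empty. Separately, when neither `TF_ADDRESS` nor `TF_STATE_NAME` is set, `TF_HTTP_LOCK_ADDRESS` and `TF_HTTP_UNLOCK_ADDRESS` are exported as the bare string `/lock` to every command in the container. Guarding the address exports with `if [ -n "${TF_ADDRESS}" ]; then ... fi` avoids that.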
diff --git a/src/bin/gitlab-terraform.sh b/src/bin/gitlab-terraform.sh
index c637ec0..4cdba22 100755
--- a/src/bin/gitlab-terraform.sh
+++ b/src/bin/gitlab-terraform.sh
@@ -21,30 +21,6 @@ JQ_PLAN='
   }
 '
 
-# If TF_USERNAME is unset then default to GITLAB_USER_LOGIN
-TF_USERNAME="${TF_USERNAME:-${GITLAB_USER_LOGIN}}"
-
-# If TF_PASSWORD is unset then default to gitlab-ci-token/CI_JOB_TOKEN
-if [ -z "${TF_PASSWORD}" ]; then
-  TF_USERNAME="gitlab-ci-token"
-  TF_PASSWORD="${CI_JOB_TOKEN}"
-fi
-
-# If TF_ADDRESS is unset but TF_STATE_NAME is provided, then default to GitLab backend in current project
-if [ -n "${TF_STATE_NAME}" ]; then
-  TF_ADDRESS="${TF_ADDRESS:-${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${TF_STATE_NAME}}"
-fi
-
-# Set variables for the HTTP backend to default to TF_* values
-export TF_HTTP_ADDRESS="${TF_HTTP_ADDRESS:-${TF_ADDRESS}}"
-export TF_HTTP_LOCK_ADDRESS="${TF_HTTP_LOCK_ADDRESS:-${TF_ADDRESS}/lock}"
-export TF_HTTP_LOCK_METHOD="${TF_HTTP_LOCK_METHOD:-POST}"
-export TF_HTTP_UNLOCK_ADDRESS="${TF_HTTP_UNLOCK_ADDRESS:-${TF_ADDRESS}/lock}"
-export TF_HTTP_UNLOCK_METHOD="${TF_HTTP_UNLOCK_METHOD:-DELETE}"
-export TF_HTTP_USERNAME="${TF_HTTP_USERNAME:-${TF_USERNAME}}"
-export TF_HTTP_PASSWORD="${TF_HTTP_PASSWORD:-${TF_PASSWORD}}"
-export TF_HTTP_RETRY_WAIT_MIN="${TF_HTTP_RETRY_WAIT_MIN:-5}"
-
 apply() {
   if ! terraform_is_at_least 0.13.2; then
     tfplantool -f "${plan_cache}" backend set -k password -v "${TF_PASSWORD}"
-- 
GitLab